You'll probably be safe from VM-to-host breakout by malware. But I defer to those with far more experience.

Information from your VMs resides in at least three places on your host machine. First, there are the virtual disks. But you can use whole-disk encryption, and shut down whenever you're not using them. Second, each VM has a memory swapfile. They persist after VM shutdown, and VMs will be hosed if they're corrupted. Third, VMware uses another datastore for common scratch space.

I'm just learning VMware, so that's about all I have to say now. If you use whole-disk encryption on the host, you can keep all of that private, except when the host is running